Diffstat (limited to 'templates/firewall')
-rw-r--r--templates/firewall/group/address-group/node.tag/address/node.def32
-rw-r--r--templates/firewall/group/port-group/node.tag/port/node.def32
2 files changed, 58 insertions, 6 deletions
diff --git a/templates/firewall/group/address-group/node.tag/address/node.def b/templates/firewall/group/address-group/node.tag/address/node.def
index 26519c0..d5f85b0 100644
--- a/templates/firewall/group/address-group/node.tag/address/node.def
+++ b/templates/firewall/group/address-group/node.tag/address/node.def
@@ -8,9 +8,35 @@ syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
--set-type=address \
--member=\"$VAR(@)\"; "
-create: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
- --set-name=$VAR(../@) \
- --member="$VAR(@)"
+create: tmpgrp=$VAR(../@)-$PPID
+ tmpfile="/tmp/$VAR(../@)-$PPID";
+
+ if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \
+ --set-name=$VAR(../@)
+ if [ $? != 0 ]; then
+ touch $tmpfile;
+ fi;
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \
+ --set-name=$VAR(../@) --set-type=address --set-copy=$tmpgrp
+ fi;
+
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
+ --set-name="$tmpgrp" --member="$VAR(@)" --alias=$VAR(../@)
+ if [ $? != 0 ]; then
+ sudo ipset --destroy $tmpgrp;
+ if [ -e $tmpfile ]; then
+ sudo ipset --destroy $VAR(../@);
+ rm $tmpfile;
+ fi;
+ exit 1;
+ fi;
+
+ if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
+ sudo ipset --swap $tmpgrp "$VAR(../@)";
+ sudo ipset --destroy $tmpgrp;
+ rm -f $tmpfile;
+ fi;
delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
--set-name=$VAR(../@) \
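Review bot: The rollback marker `tmpfile="/tmp/$VAR(../@)-$PPID"` is a predictable name in a world-writable directory, and the failure branch only tests `[ -e $tmpfile ]`, so a local user who pre-creates that path (or a symlink there, which the unprivileged `touch` follows) can turn a failed add-member into `sudo ipset --destroy $VAR(../@)` of the live group. Keep the marker in a directory only the committing user can write to and test it with `[ -f "$tmpfile" ]`, quoting the group name wherever it is expanded bare (`--destroy $tmpgrp`, `--destroy $VAR(../@)`, `tmpgrp=$VAR(../@)-$PPID`) unless the group-name syntax check elsewhere already forbids whitespace and glob characters. Separately, the exit status of `ipset --swap` in the LAST branch is never checked, so a failed swap destroys the staged set and the action still returns success, leaving the kernel set without the member the committed configuration claims; `sudo ipset --swap $tmpgrp "$VAR(../@)" || { sudo ipset --destroy $tmpgrp; rm -f $tmpfile; exit 1; }` closes that, and the unchecked `--action=copy-set` in the FIRST branch presumably needs the same abort. The delete: action at the bottom continues outside the hunk.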
diff --git a/templates/firewall/group/port-group/node.tag/port/node.def b/templates/firewall/group/port-group/node.tag/port/node.def
index 5ce33b1..2aa367c 100644
--- a/templates/firewall/group/port-group/node.tag/port/node.def
+++ b/templates/firewall/group/port-group/node.tag/port/node.def
@@ -8,9 +8,35 @@ syntax:expression: exec "sudo /opt/vyatta/sbin/vyatta-ipset.pl \
--set-type=port \
--member=\"$VAR(@)\"; "
-create: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
- --set-name=$VAR(../@) \
- --member="$VAR(@)"
+create: tmpgrp=$VAR(../@)-$PPID
+ tmpfile="/tmp/$VAR(../@)-$PPID";
+
+ if [ "$COMMIT_SIBLING_POSITION" = "FIRST" ] || [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=is-set-empty \
+ --set-name=$VAR(../@)
+ if [ $? != 0 ]; then
+ touch $tmpfile;
+ fi;
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=copy-set \
+ --set-name=$VAR(../@) --set-type=port --set-copy=$tmpgrp
+ fi;
+
+ sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=add-member \
+ --set-name="$tmpgrp" --member="$VAR(@)" --alias=$VAR(../@)
+ if [ $? != 0 ]; then
+ sudo ipset --destroy $tmpgrp;
+ if [ -e $tmpfile ]; then
+ sudo ipset --destroy $VAR(../@);
+ rm $tmpfile;
+ fi;
+ exit 1;
+ fi;
+
+ if [ "$COMMIT_SIBLING_POSITION" = "LAST" ] || [ "$COMMIT_SIBLING_POSITION" = "FIRSTLAST" ] ; then
+ sudo ipset --swap $tmpgrp "$VAR(../@)";
+ sudo ipset --destroy $tmpgrp;
+ rm -f $tmpfile;
+ fi;
delete: sudo /opt/vyatta/sbin/vyatta-ipset.pl --action=delete-member \
--set-name=$VAR(../@) \